前提已经安装好EFK
1.在MySQL节点安装td-agent
http://packages.treasuredata.com.s3.amazonaws.com/3/redhat/7/x86_64/td-agent-3.4.1-0.el7.x86_64.rpm
yum install -y td-agent-3.4.1-0.el7.x86_64.rpm
2.在MySQL节点安装mysqlslowquery插件
td-agent-gem install fluent-plugin-mysqlslowquery
3.修改MySQL节点的td-agent配置
vim /etc/td-agent/td-agent.conf
#td-agent.conf <system> workers 10 </system> @include /etc/td-agent/conf.d/*.conf
vim /etc/td-agent/conf.d/source.conf
#source.conf <source> @type mysql_slow_query path /var/log/mysql/slow.log path_key file_path tag mysqld.slowlog pos_file /var/log/td-agent/mysql-slow.log.pos <parse> @type none </parse> </source>
vim /etc/td-agent/conf.d/match.conf
#match.conf <match mysqld.slowlog> @type forward send_timeout 60s recover_wait 10s hard_timeout 60s <server> name td-0 host 10.224.16.77 port 24224 weight 60 </server> </match>
然后启动MySQL节点的td-agent服务,查看日志有无报错
5.在EFK节点修改td-agent配置
vim /etc/td-agent/conf.d/match.conf
<match mysqld.slowlog> @type elasticsearch host 10.224.16.77 port 9200 user elastic password tima@123 logstash_format true logstash_prefix fluentd.${tag} # index名称 </match>
然后重启td-agent服务
6.在kibana添加或刷新索引,查看数据是否搜集成功